Posted On: Oct 29, 2021

You can now share your Amazon Machine Images (AMIs) with AWS Organizations and Organizational Units (OUs). Previously, you could share AMIs only with specific AWS account IDs. To share AMIs with AWS Organizations, you had to explicitly manage sharing of AMIs with AWS accounts that were added to or removed from AWS Organizations. With this new feature, you no longer have to update your AMI permissions because of organizational changes. AMI sharing will be automatically synced when organizational changes occur. This feature helps you centrally manage and govern your AMIs as you grow and scale your AWS accounts.

You can share AMIs with AWS Organizations and Organizational Units the same way you share AMIs with specific accounts, allowing any account in that organization or organizational unit to describe and launch the AMI. To share the AMI, add the Org ID or OU ID to the launch permissions in the EC2 ModifyImageAttribute API.
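The sketch below is an added example, not AWS's own code: it builds the ModifyImageAttribute launch-permission parameters for an organization or OU and audits an AMI's existing launch permissions for entries that reach outside a trusted organization. The API's `OrganizationArn` and `OrganizationalUnitArn` fields take ARNs; the function names, IDs, ARNs and account numbers here are constructed placeholders.

```python
import re

# ARN shapes for AWS Organizations principals in an AMI launch permission.
ORG_ARN = re.compile(r"^arn:aws[\w-]*:organizations::\d{12}:organization/(o-[a-z0-9]{10,32})$")
OU_ARN = re.compile(r"^arn:aws[\w-]*:organizations::\d{12}:ou/(o-[a-z0-9]{10,32})/ou-[a-z0-9]{4,32}-[a-z0-9]{8,32}$")


def share_request(image_id, principal_arn):
    """Build ModifyImageAttribute parameters (boto3 keyword shape) adding one org or OU."""
    if ORG_ARN.match(principal_arn):
        entry = {"OrganizationArn": principal_arn}
    elif OU_ARN.match(principal_arn):
        entry = {"OrganizationalUnitArn": principal_arn}
    else:
        raise ValueError(f"not an organization or OU ARN: {principal_arn!r}")
    return {"ImageId": image_id, "LaunchPermission": {"Add": [entry]}}


def audit(launch_permissions, trusted_org_id, trusted_accounts=()):
    """Return findings for entries that reach beyond the trusted organization."""
    findings = []
    for perm in launch_permissions:
        arn = perm.get("OrganizationArn") or perm.get("OrganizationalUnitArn")
        if perm.get("Group") == "all":
            findings.append("public: any AWS account can launch this AMI")
        elif "UserId" in perm:
            if perm["UserId"] not in trusted_accounts:
                findings.append(f"unreviewed account: {perm['UserId']}")
        elif arn:
            m = ORG_ARN.match(arn) or OU_ARN.match(arn)
            if not m or m.group(1) != trusted_org_id:
                findings.append(f"foreign organization or OU: {arn}")
    return findings


# Constructed sample shaped like the LaunchPermissions list from DescribeImageAttribute.
SAMPLE = [
    {"OrganizationArn": "arn:aws:organizations::111122223333:organization/o-exampleorg01"},
    {"OrganizationalUnitArn": "arn:aws:organizations::111122223333:ou/o-exampleorg01/ou-ab12-cdef3456"},
    {"OrganizationArn": "arn:aws:organizations::444455556666:organization/o-otherorg0002"},
    {"UserId": "777788889999"},
    {"Group": "all"},
]

if __name__ == "__main__":
    print(share_request("ami-0123456789abcdef0", SAMPLE[1]["OrganizationalUnitArn"]))
    for finding in audit(SAMPLE, "o-exampleorg01"):
        print(finding)
```

Because organization and OU shares follow membership changes automatically, running a check like this against the launch permissions of each AMI catches a share that points at the wrong organization before new accounts inherit it.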

This capability is available through the AWS Command Line Interface and the AWS Software Development Kit (AWS SDK) in all AWS Regions except Amazon Web Services China (Beijing) Region and Amazon Web Services China (Ningxia) Region. To learn more about sharing AMIs with organizations, please refer to the documentation.